VoxTechnologies
Enterprise Network Series
Multi-Layer Switching in the Enterprise
The keys to greater performance and
application control
1.0 Introduction
Networks are designed to support applications that can
make businesses more effective and efficient. But a
combination of factors--server consolidation, rich media
types, bandwidth-hungry applications--create situations in
which the demand for applications outstrips the available
bandwidth. When this occurs, the network acts like a
"funnel"--applications compete for bandwidth or
are kept off the network altogether. In these networks, IS
professionals are not able to ensure the smooth operation of
important applications and must juggle the competing demands
for application bandwidth from the various business units in
their organizations.
The choke points in these "funnel" networks are
at the aggregation spots--in wiring closets and
backbones--where performance and services intersect. Legacy
software-based routers which have traditionally occupied
these aggregation points were never designed for the
enormous traffic loads and the anywhere-to-anywhere traffic
that is now the norm. Gigabit Ethernet and multi-layer
switching routers eliminate these choke points, in a sense,
flipping the "funnel" over. By delivering a
performance of more than 100 times traditional routers at a
fraction of the cost, these devices offer true scalability,
providing the bandwidth required for current applications
and future applications as well.
Adding bandwidth is only one piece of the solution,
however. As the mix of applications in a network becomes
more complicated, IS professionals need the ability to
manage the traffic flowing through their network. In order
to manage this traffic, they must first measure and track
the traffic flows. Once traffic patterns are understood,
advanced services such as security and prioritization can be
used to optimize the network.
It is the combination of performance and control at the
heart of networks that delivers businesses a competitive
advantage. It is the ability to satisfy the dual
requirements of performance and control that has created the
excitement around the new breed of products called switching
routers. This paper reviews the major functions of switching
routers and their importance to the design of enterprise
networks.
2.0 Packet Switching Performance
The shortcomings of software-based routing are well known.
When network traffic remained predominantly in the
workgroup, software-based routers were adequate. Since the
majority of the traffic did not cross a router boundary, a
router's slow performance was not a crippling detriment--the
router's role was predominantly to control the modest amount
of traffic that came its way. This became known as the 80/20
rule - 80% of the traffic remained in the workgroup and 20%
crossed workgroups.
But the environment has changed dramatically-- the use of
Web technologies has exploded, traffic patterns have become
unpredictable, the number of users has increased
exponentially, etc. While controlling traffic remains a
crucial network requirement, the performance penalty that
software-based routers bring is no longer acceptable. Hence,
we are now hearing that the rule has "flipped" to
20/80.
In the industry buzz surrounding switching routers,
performance has taken center stage. Indeed, the performance
of switching routers is impressive. Whereas software-based
routers forwarded packets at the rate of several hundred
thousand packets per second, switching routers forward
packets at rates of tens of millions of packets per
second--an increase of two orders of magnitude.
This 100-fold improvement in performance occurs because
of an architectural change: Legacy routers use software
running on microprocessors to forward packets. Switching
routers, on the other hand, use hardware, namely,
Application Specific Integrated Circuits (ASICs).
While the technology underpinning packet forwarding has
changed, the tasks accomplished are the same: Incoming
packets are examined, their destination address is compared
with the entries in a routing table, and then they are
forwarded out the appropriate interface. Along the way, the
packet is subject to some additional manipulation: An
Ethernet frame is created with its own MAC address as the
source, the time-to-live field is decremented, the frame
check sequence is recalculated, etc. This process is
repeated for each packet, hence the name
"packet-by-packet routing."
This is the heart of the legacy-based router's inability
to provide both performance and control. Control is provided
by rules which can, for example, prioritize traffic (QoS),
deny access (security) or provide accounting data. In each
case, when the incoming packet's destination address is
examined, so too is the set of rules which apply to the
traffic flow. In a software-based router, these rules are
kept in a software database which must be checked for each
packet.
Here is the rub: The microprocessor which must forward
packets also must do the database lookup. While the lookup
is underway, packets are not forwarded, leading to a
dramatic drop in forwarding performance.
The new generation of switching routers does not face
this problem since the lookup and application of control
functionality is carried out in hardware. The key to
understanding how switching routers marry performance and
functionality is to examine how deeply the ASICs read into
each packet. The more information that the ASICs can gather
about each flow of packets, the more detailed level of
control can be applied to the flow of packets.
3.0 Network Functionality and Control
A single client/server conversation generates a stream of
packets between the client and the server. This stream,
called a flow, can be identified at Layer 2, Layer 3 or
Layer 4. Each layer provides more detailed information about
the flow. The fundamental task in managing a network is
controlling these flows of traffic.
At Layer 2, each packet in the flow is identified by the
MAC address of the source and destination end stations. The
ability to control the flow is thus limited to the broadcast
domain. Traditionally, products that switch traffic at Layer
2 deliver performance but little functionality, since the
source and destination MAC address is a crude translation of
the information in the packet.
At Layer 3, flows are identified by source and
destination network addresses, and the ability to control
the flow is limited to source/destination pairs. Some of the
switching routers, often marketed as Layer 3 switches,
operate at this level of granularity. If a client is using
several applications from the same server, Layer 3
information does not provide visibility into each
application flow, so individual rules cannot be applied to
each flow.
Legacy routers always had the ability to read into the
Layer 4 header. In fact, most of the advanced control
features in legacy routers were performed at Layer 4. For
example, in software-based routers, Layer 4 information is
used to set security filters, an important component in
controlling network traffic. But for software-based routers,
reading deeply into the packet was, for reasons explained
above, extremely costly in terms of performance. Indeed, in
many software-based routers, performance dropped by as much
as 70% when security filters were enabled.
What is in the Layer 4 header? Layer 4 of the OSI model
is the Transport Layer. It is responsible for coordinating
communication between network source and destination
systems. TCP (Transmission Control Protocol) and UDP (User
Datagram Protocol) reside in Layer 4. At Layer 4, each
packet contains information that can be used to uniquely
identify the application that generated the packet. This is
possible because the TCP and UDP headers include "port
numbers" that identify which application protocols are
included in each packet. Port numbers between 1 and 255 have
been reserved for "well known ports." For example,
e-mail (SMTP) is port 25. UNIX services are assigned to
ports within the 256 to 1024 range (for a full list of port
numbers see ftp://ftp.isi.edu/in-notes/iana/assignments/port-numbers).
In combination, the port number information in the Layer
4 header and the source/destination address information in the Layer
3 header can be used to apply truly fine-grained control.
Individual application conversation flows can be controlled
between client and servers, and if the switching router is
full function, all this can be done at wire speed.
By reading into the Layer 4 header, a Layer 4 switch can
differentiate between applications when performing routing
decisions. Applications can be assigned different forwarding
rules, guaranteeing different Quality of Service (QoS), or
have security filters applied to them providing
application-level control over the network. For example,
SAP, PeopleSoft or Baan can be granted priority over e-mail
traffic, which in turn can have priority over Web surfing.
Once this information is tracked, QoS, security and
accounting can be applied to the individual flows using the
source/destination/source-port/destination-port
information--in other words, at the application level.
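The difference in visibility between Layer 2, Layer 3 and Layer 4 flow identification, shown as an added example (not code from the paper): a small Python decoder reads the Ethernet, IPv4 and TCP/UDP headers of a frame and builds the flow key available at each layer. The sample traffic is constructed: two clients behind one router talk to one server over HTTP, SMTP and DNS. At Layer 2 every frame carries the router's MAC address as its source, so the whole stream collapses into one flow; at Layer 3 it becomes two client/server pairs; only at Layer 4 do the individual application conversations become visible. The MAC and IP addresses and the small well-known-port table are made up for the demonstration.

```python
import struct
from collections import Counter

ETH_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17
PROTO_NAMES = {PROTO_TCP: "tcp", PROTO_UDP: "udp"}
# Well-known destination ports used to name the application (constructed subset)
WELL_KNOWN = {25: "smtp", 53: "dns", 80: "http"}


def mac(s):
    return bytes.fromhex(s.replace(":", ""))


def ip(s):
    return bytes(int(o) for o in s.split("."))


def build_packet(src_mac, dst_mac, src_ip, dst_ip, proto, sport, dport, payload=b""):
    """Constructed Ethernet/IPv4/(TCP|UDP) frame for the demo; checksums are left zero."""
    if proto == PROTO_TCP:   # 20-byte TCP header: ports, seq, ack, offset, flags, window, csum, urg
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 0x50, 0x18, 8192, 0, 0)
    else:                    # 8-byte UDP header: ports, length, checksum
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0x4000,
                         64, proto, 0, ip(src_ip), ip(dst_ip))
    return mac(dst_mac) + mac(src_mac) + struct.pack("!H", ETH_IPV4) + ip_hdr + l4 + payload


def parse(frame):
    """Decode the Layer 2, 3 and 4 header fields a switching ASIC reads. None for non-IPv4."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETH_IPV4:
        return None
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
    proto = frame[14 + 9]
    l4 = frame[14 + ihl:]
    sport = dport = None
    if proto in PROTO_NAMES and len(l4) >= 4:   # TCP and UDP both start with the two ports
        sport, dport = struct.unpack("!HH", l4[:4])
    return {
        "src_mac": ":".join(f"{b:02x}" for b in frame[6:12]),
        "dst_mac": ":".join(f"{b:02x}" for b in frame[:6]),
        "src_ip": ".".join(str(b) for b in frame[26:30]),
        "dst_ip": ".".join(str(b) for b in frame[30:34]),
        "proto": PROTO_NAMES.get(proto, proto),
        "sport": sport,
        "dport": dport,
        "length": len(frame),
    }


def flow_key(pkt, layer):
    """The flow identifier available at each layer, as the text describes."""
    if layer == 2:
        return (pkt["src_mac"], pkt["dst_mac"])
    if layer == 3:
        return (pkt["src_ip"], pkt["dst_ip"])
    if layer == 4:
        return (pkt["src_ip"], pkt["dst_ip"], pkt["proto"], pkt["sport"], pkt["dport"])
    raise ValueError("layer must be 2, 3 or 4")


def flows_seen(frames, layer):
    """Distinct flows, with packet counts, visible at the given layer."""
    counts = Counter()
    for frame in frames:
        pkt = parse(frame)
        if pkt is not None:
            counts[flow_key(pkt, layer)] += 1
    return counts


def applications_seen(frames):
    """Packets per application, named from the Layer 4 destination port."""
    counts = Counter()
    for frame in frames:
        pkt = parse(frame)
        if pkt is not None:
            counts[WELL_KNOWN.get(pkt["dport"], "other")] += 1
    return counts


# Constructed backbone traffic: two clients behind the same router reach one server.
RTR, SRV = "02:00:00:00:00:01", "02:00:00:00:00:20"
SAMPLE_FRAMES = [
    build_packet(RTR, SRV, "10.1.1.10", "10.2.2.20", PROTO_TCP, 40001, 80, b"GET /a"),
    build_packet(RTR, SRV, "10.1.1.10", "10.2.2.20", PROTO_TCP, 40001, 80, b"GET /b"),
    build_packet(RTR, SRV, "10.1.1.10", "10.2.2.20", PROTO_TCP, 40002, 80, b"GET /c"),
    build_packet(RTR, SRV, "10.1.1.10", "10.2.2.20", PROTO_TCP, 40003, 25, b"EHLO"),
    build_packet(RTR, SRV, "10.1.1.10", "10.2.2.20", PROTO_UDP, 40004, 53, b"\x00" * 12),
    build_packet(RTR, SRV, "10.1.1.11", "10.2.2.20", PROTO_TCP, 40001, 80, b"GET /d"),
]

if __name__ == "__main__":
    for layer in (2, 3, 4):
        print(f"Layer {layer}: {len(flows_seen(SAMPLE_FRAMES, layer))} flow(s)")
    print(dict(applications_seen(SAMPLE_FRAMES)))
```

The Layer 4 key is the same five values a filter, QoS policy or accounting record would be keyed on, which is why the table-capacity figures in the next paragraphs are counted in Layer 4 flows rather than in address pairs.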
It is important to realize that a single client/server
pair can have many different application conversations open
at the same time. Since an enterprise backbone sees many
thousands of client/server pairs, a backbone class Layer 4
switch must have the table capacity to store in the order of
millions of Layer 4 flows.
For example, a 2,000-user network with 24 Web servers
with each user working on two or three documents per server
creates 144,000 table entries that must be maintained for
Web browsing alone. Router designs that are optimized for
8,000 or 24,000 table entries lack the table capacity to
maintain sufficient numbers of active flows. Frequent table
misses in these routers will result in degraded backbone
performance due to the thrashing of their forwarding cache.
4.0 The Benefits of Application-Level Control: QoS, Security, Accounting
Application-Level QoS
The demand for QoS is undeniable. Rich data types, mixed
media, video conferencing, real-time audio and video
multicasting, Internet telephony and interactive transaction
processing combine with mission-critical applications to
create the need for tight control over latency and
throughput.
QoS refers to a set of mechanisms for guaranteeing levels of
bandwidth, maximum latency limits and controlled
inter-packet timing. True QoS strategy strives to meet the
needs of all traffic flows in the network by providing
wire-speed bandwidth and low latency to all applications.
However, when output wires on a switch are overloaded and
internal buffers are filled, QoS is required to prioritize
traffic by creating rules or "policies" that
stipulate priority. Policy-based QoS gives network managers
control over latency and throughput so that the demands of
high-priority traffic may be met.
Layer 4 switching allows QoS policies to be set on
application-level flows, thereby giving network managers
complete control over bandwidth usage in the network
backbone. With Layer 2 or Layer 3 switching, QoS policies
can only set priorities for traffic based on source or
destination addresses. Applying QoS policies on Layer 4
application flows means priorities can be set on individual
host-to-host application conversations.
Application-Level Security
Traditional routers have used security filters and access
control lists for secure access to the corporate networks
and databases. Historically, access control consisted of
software-based processing of Layer 2, Layer 3 and Layer 4
information in every packet, and comparing the data with a
list of allowed addresses and applications. A natural
consequence of software-based processing was that router
performance severely degraded whenever security filters were
enabled. This was due to the increased number of
instructions that the central processing unit (CPU) was
required to execute on every packet. For example, setting a
DNS filter in some routers may result in up to a 70% drop in
performance.
Layer 4 switching eliminates the performance loss associated
with security features. A true Layer 4 switch should deliver
wire-speed performance when all the advanced features
including security are activated. In Layer 4 switching,
packets are processed in custom ASICs, and since the source
and destination port information is tracked,
application-level security can be coupled with wire-speed
performance. For example, access to corporate information
can be controlled per user's application instead of blocking
all users of a particular application. This gives the
network administrator better flexibility and control over
the corporate network and enables a wider choice of
applications to desktops.
Application-Level Accounting
Management requires measurement. When network traffic cannot
be measured, it cannot be effectively managed. Layer 4
switching vastly improves measurement, accounting and
performance monitoring capabilities by tracking application
flows. As discussed above, a Layer 4 switch tracks
source/destination network addresses and source/destination
port numbers for each flow. This allows a well-designed
Layer 4 switch to collect accounting information for each
and every flow that passes through it.
This information translates directly into standard
per-port RMON/RMON2, eliminating the need to attach
standalone external RMON/RMON2 probes. Thus, Layer 4
switches should provide wire-speed RMON/RMON2 (all groups)
on all ports, all the time, and managers should be able to
access RMON/RMON2 statistics directly from the Layer 4
switch. Any standards-based RMON/RMON2 application can
access a Layer 4 switch to gather critical performance for
traffic analysis, trending and accounting.
This level of detailed accounting enables network
managers to understand which applications are hogging
bandwidth and to balance loads across servers. For ISPs this
detailed accounting feature enables them to provide a
"phone bill" detailing application and bandwidth
usage for every user.
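The three benefits described in this section, QoS, security and accounting, all hang off the same Layer 4 flow record. The following added example (not code from the paper or from any vendor's product) models that in Python: an ordered, first-match policy table whose entries can match on source network, destination host, protocol and destination port, return a permit or deny decision together with a priority class, and keep per-flow packet and byte counters that roll up into a per-policy accounting report. The rule ordering follows the paper's example of ERP traffic ahead of e-mail ahead of Web, and the "per user's application" point is shown by a database rule that admits one subnet and denies everyone else to the same server. All addresses, ports, class numbers and the rule schema itself are constructed for the demonstration.

```python
import ipaddress
from collections import namedtuple
from dataclasses import dataclass
from typing import Optional

# A flow as the Layer 4 switch tracks it: Layer 3 addresses plus Layer 4 protocol and ports.
Flow = namedtuple("Flow", "src_ip dst_ip proto sport dport")


@dataclass(frozen=True)
class Rule:
    """One policy entry. None means wildcard. The schema is hypothetical, not any vendor's."""
    name: str
    action: str                  # "permit" or "deny"
    src_net: Optional[str] = None
    dst_ip: Optional[str] = None
    proto: Optional[str] = None  # "tcp" or "udp"
    dport: Optional[int] = None
    qos_class: int = 0           # higher is served first when an output port is congested

    def matches(self, flow):
        if self.src_net and ipaddress.ip_address(flow.src_ip) not in ipaddress.ip_network(self.src_net):
            return False
        if self.dst_ip and flow.dst_ip != self.dst_ip:
            return False
        if self.proto and flow.proto != self.proto:
            return False
        if self.dport is not None and flow.dport != self.dport:
            return False
        return True


# Constructed policy, first match wins. Addresses, ports and priorities are made up;
# the ordering mirrors the paper's example (ERP above e-mail above Web).
RULES = [
    Rule("db-admins", "permit", src_net="10.1.9.0/24", dst_ip="10.2.2.40", proto="tcp", dport=5432, qos_class=2),
    Rule("db-others", "deny", dst_ip="10.2.2.40"),   # same application, different users
    Rule("erp", "permit", src_net="10.1.0.0/16", dst_ip="10.2.2.30", proto="tcp", dport=443, qos_class=3),
    Rule("mail", "permit", src_net="10.1.0.0/16", dst_ip="10.2.2.20", proto="tcp", dport=25, qos_class=2),
    Rule("web", "permit", proto="tcp", dport=80, qos_class=1),
]
DEFAULT_DENY = Rule("default-deny", "deny")


class Layer4Switch:
    """Applies the policy to every packet and keeps per-flow accounting."""

    def __init__(self, rules):
        self.rules = rules
        self.flows = {}   # Flow -> {"rule", "action", "packets", "bytes"}

    def process(self, flow, length):
        """Classify one packet of `length` bytes; returns (action, qos_class)."""
        rule = next((r for r in self.rules if r.matches(flow)), DEFAULT_DENY)
        entry = self.flows.setdefault(flow, {"rule": rule.name, "action": rule.action,
                                             "packets": 0, "bytes": 0})
        entry["packets"] += 1
        entry["bytes"] += length
        return rule.action, rule.qos_class

    def report(self):
        """Per-policy totals (flows, packets, bytes) for accounting and trending."""
        totals = {}
        for entry in self.flows.values():
            t = totals.setdefault(entry["rule"], {"flows": 0, "packets": 0, "bytes": 0})
            t["flows"] += 1
            t["packets"] += entry["packets"]
            t["bytes"] += entry["bytes"]
        return totals


if __name__ == "__main__":
    sw = Layer4Switch(RULES)
    sw.process(Flow("10.1.1.10", "10.2.2.30", "tcp", 40002, 443), 1500)
    sw.process(Flow("10.1.1.10", "10.2.2.40", "tcp", 40004, 5432), 100)
    print(sw.report())
```

In a software router this match loop runs on the forwarding CPU for every packet, which is the 70% figure quoted above; the point of the hardware design is that the same lookup happens in the ASIC alongside the destination lookup, so enabling the rules costs no forwarding rate.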
5.0 Support for the Full Range of Routing Protocols
While switching routers gain their
performance/functionality boost through hardware
implementations, route processing remains a software-based
activity. Route processing is the process through which the
route table is dynamically updated. This activity, often
described as "control plane," is separate from the
"forwarding path" described above.
Switching routers vary in their support for the dynamic
routing protocols. Rudimentary switching routers (often
fixed-configuration as opposed to chassis-based) support
only Router Information Protocol (RIP), a distance vector
protocol. For a simple network, RIP is often adequate. It
provides periodic updates to the routing tables, convergence
around failed links, etc.
More complicated networks require a more complicated
routing protocol. Switching routers designed for
implementation in large networks require Open Shortest Path
First (OSPF) routing protocol. While it is significantly
more complicated than RIP, OSPF has some very desirable
properties--including rapid convergence around failed links
and few route updates in stable topologies.
Recently, protocols supporting multicast routing have
moved to the fore as the applications that require multicast
support have become more popular. Switching routers should
implement the full set of standards-based multicast
protocols: Distance Vector Multicast Routing Protocol (DVMRP)
as well as the more scalable Protocol Independent Multicast
(PIM).
Switching routers that do not support all these routing
protocols will be relegated to providing partial solutions.
Conversely, switching routers that can deliver performance,
functionality, and the rich mix of protocols will be the
building blocks of durable networks.
6.0 Enterasys's Switch Router Solutions
Enterasys offers a complete set of solutions at Layer 2
and at Layers 2/3/4.
Workgroup
Enterasys offers a variety of stackable Layer 2 workgroup
switches including the SmartSTACK 100 and the SmartSwitch
2200. These products offer attractive price-performance
characteristics, Gigabit Ethernet uplinks and various media
interfaces. For customers who wish to push QoS and security
to the desktop, Enterasys offers the Xpedition 2000, a
full-function stackable switch router designed for high-end
workgroup applications.
Wiring Closet
The demands of the wiring closet are predominantly high port
density, low price and uplink capability. Enterasys can meet
these demands at Layer 2, with the chassis-based SmartSwitch
6000 which delivers full-function Layer 2 switching and
Gigabit uplinks, and at Layer 2/3/4 with the Xpedition 8600.
The SSR 8600 is a high port density (120 10/100Base-TX or
-FX, 30 Gigabit Ethernet) switching router ideal for
heavy-traffic wiring closets when the requirements for
control demand Layer 2, Layer 3 and Layer 4 functionality--e.g.
if customers want accounting data starting at the wiring
closet or want to push Quality of Service to the desktop.
Campus Core and Enterprise Backbone
Again, Enterasys offers solutions at Layer 2 and Layers
2/3/4 in the campus core and enterprise backbone. For
customers that prefer the simplicity of large flat networks,
Enterasys offers the SmartSwitch 9000 as a wiring closet
aggregator. At Layers 2/3/4, Xpeditions are ideal for campus
core and enterprise backbone applications. These locations
are the traffic intersections and as such require the most
advanced combination of performance and functionality. The
Xpedition 8- and 16-slot chassis meet these requirements
with routing throughput in excess of 30 million packets per
second. They deliver high port density, up to 120 10/100
BaseTX or FX ports or 30 Gigabit Ethernet ports, and offer a
rich feature set including fine grained accounting,
application-level QoS and security. Supporting RIP, OSPF and
BGP, and offering enormous table capacity (up to 250,000
routes), they ensure that no network is too large for the
SSR 8000 or SSR 8600 to sit at the core.
WAN Edge
Some companies would have you believe that the benefits of
switching routers end before the WAN. Not surprisingly these
are the same companies that are trying to reposition legacy
routers to the WAN edge. While it's true that few vendors
have extended switching router functionality to include WAN
interfaces, the requirements for wire-speed performance,
massive capacity and fine-grained control are as applicable
at the WAN edge as they are in the campus. Enterasys's
Xpedition family extends the price/performance/functionality
benefit of switching routers to the WAN edge by providing
serial and HSSI interfaces that support T1 and T3 speeds
running Point-to-Point Protocol (PPP) and Frame Relay.
7.0 Conclusion
Switching routers offer revolutionary performance while
extending functionality. Full-function routing switches
provide the performance required while simultaneously
delivering the control necessary to turn networks into
business tools. From the workgroup to the WAN edge,
Enterasys offers a range of solutions enabling networks to
become sources of competitive advantage.
                      | Layer 2          | Layer 2/3/4
Workgroup             | SmartSTACK 100   |
Performance Workgroup | SmartSwitch 2200 | Xpedition 2000
Wiring Closet         | SmartSwitch 6000 | Xpedition 8600
Campus Core           | SmartSwitch 6000 | Xpedition 8000/8600
Enterprise Backbone   |                  | Xpedition 8000/8600